as someone here was nice enough to point out to me:
by default, certain versions of PIX software come out of the box with
fixup protocol smtp 25
enabled.
this implements something called 'Mail Guard', which rewrites smtp
conversations, only allowing rfc 821 commands.
we've been having two types of mail problems since installing the pix:
1. certain domains just couldn't email us.
2. we sometimes receive hundreds of copies of the same email.
once i removed the smtp fixup from the pix, mail started soming throough
from the domains that fell into category #1. (incidentally, they we're all
exchange servers). it appears that number2 is now fixed as well, although
that will take more time to verify.
basically, what would happen is this:
remote mailserver initiates conversation, says something like
EHLO server.imaginary.com
the PIX would rewrite the line to this (becase EHLO isin't rfc821)
XXXX server.imaginary.com
to which qmail would respond:
502 unimplemented (#5.5.1)
the upshot was that eventually i'd have about 50 qmail-smtpd processes
running at any given time.
what finally gave the source of the problem away:
telnet <your mailserver> 25
from both inside the network , and outside (through the pix).
if you type help, and you get
502 unimplemented from the outside, and
214 qmail home page:http://pobox.com/~djb/qmail.html
from the inside, the pix may be your problem.
dan
At 01:12 PM 3/19/01 -0800, you wrote:
>What would a PIX have to do with it? I am having a random mutiple delivery
>problem, and I am behind a PIX.
>
>Thanks
>Kep
>
> _____
>
> ants.com <http://www.ants.com> scout <http://www.ants.com/scout>
>
>Kep Brown
>Systems, Network and Database Administrator
>phone: (805) 560-3781
>fax: (805) 560-3991
>e: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
>
>
>
>-----Original Message-----
>From: Moutsos Georgios [mailto:[EMAIL PROTECTED]]
>Sent: Monday, March 19, 2001 10:21 AM
>To: dan kelley
>Cc: [EMAIL PROTECTED]
>Subject: RE: Repeated Identical Messages
>
>
>Your servers are probably behind a Cisco PIX firewall.
>
>J.
>
>> -----Original Message-----
>> From: dan kelley [mailto:[EMAIL PROTECTED]]
>> Sent: ÄåõôÝñá, 19 Ìáñôßïõ 2001 6:35 ìì
>> To: Markus Stumpf
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: Repeated Identical Messages
>>
>>
>>
>> this is getting much weirder. following the message below, i tested both
>> my backup and primary to see if they implemented help for qmail.
>>
>> here's what happened:
>>
>> when i test help by doing the following:
>>
>> from an ip inside the local network:
>>
>> >telnet mailhost.otec.com smtp
>> [dkelley@mx1 qmail]# telnet mailhost.otec.com smtp
>> Trying 209.3.117.5...
>> Connected to mx1.ny.otec.com.
>> Escape character is '^]'.
>> 220 mx1.ny.otec.com ESMTP
>> help
>> 214 qmail home page: http://pobox.com/~djb/qmail.html
>>
>> from a remote ip:
>> % telnet mailhost.otec.com smtp
>> Trying 209.3.117.5...
>> Connected to mx1.ny.otec.com.
>> Escape character is '^]'.
>> 220 *********************
>> help
>> 502 unimplemented (#5.5.1)
>>
>> ...
>
>
>
>
________________
Dan Kelley
www.otec.com
212-840-8600
________________
